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Response to Amendment 

This office action is responsive to Applicant's amendment received on 8/25/2006. 
Claims 1-31 remain pending. 

Response to Arguments 

Applicant's arguments filed 8/25/2006 have been fully considered and they are 
persuasive to the extent of rendering dependent claims 9-10, 13, and 25-26 allowable 
upon proper amendment to incorporate them in the independent claims. 

Applicant argues, "Gupta fails to disclose a generic system with a database of 
configuration information". 

Examiner responds that Gupta's system is a generic token-based system 
because tokens/cookies in Gupta's system define path and domain parameters (col. 6, 
lines 8-15). It is also inherent that regardless of the method of authentication being used 
by authentication system of Gupta, the user's authentication information, e.g., user 
name and password, have to be compared with the information retrieved from the 
database of information, e.g., cookie/token database inherently disclosed by Gupta, in 
or coupled to the login server (col. 11, lines 25-38 and col. 12, lines 25-40). 

Applicant argues, "Gupta fails to disclose obtaining from the database 
configuration information defining a natural language". 

Examiner responds that Gupta's disclosure teaches that the custom page 
settings (i.e., choice of language is considered to be a custom page setting) are 
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defined in cookies , and the login server uses such settings for communication with the 
user during the login process (col. 5, lines 58-67). 

Applicant argues, "Gupta fails to disclose a generic system that can be used 
with multiple authentication systems and obtaining from the database configuration 
information defining and outbound parameter and sending the outboard parameter to 
the target application once the authentication system has authenticated the user". 

Examiner responds Gupta discloses that the login server can verify (e.g., check 
and send the result to the application server) that the user attempting to process a 
request has been authenticated with the login server. Gupta also discloses that after a 
successful authentication, the session information may be cached in the application 
server too (col. 13, lines 1-6 and col. 13, lines 20-29). 

Applicant argues, "Though Barry's system may contain an authentication system, 
paragraphs 179-180, it does not disclose or suggest a generic system to integrate a 
plurality of applications and authentication servers. The system in Barry is built for a 
single use in the networkMCI Interact application and, as such, Barry does not disclose 
or suggest editing configuration information regarding login information". Paragraphs 
205 to 207 in Barry do not teach editing configuration files. 

Examiner responds that Barry discloses when an existing user node 1502c is 
selected, the edit/add new application options on the menu 1506 is enabled (i.e., 
therefore, editing the corresponding configuration files is enabled) and disabled 
according to what applications the user (i.e., the administrator) already has. An 
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existing user application node 1502d may be selected to edit/modify/delete options 

within the application (par. 189). 

Applicant argues, "Barry fails to disclose a list of active and inactive targets as his 
system is wholly internal and operates with a central authorization server that grants 
entitlements, as opposed to a generic system operating between application and 
authentication servers". 

Examiner responds that Barry discloses that when the customer has been 

authenticated, the customer is then presented with a list of authorized applications. 

This list determines which buttons, for example, representing each application are 

active, thus controlling customer access to products and services (par. 205-206 and 

par. 186-189). 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 1-8, 11-12, 14-24, and 27-31 are rejected under 35 U.S.C. 103(a) as 

being unpatentable over Gupta et al., (U.S. Patent No. 6,226,752 and Gupta 

hereinafter), in view of Barry et al., (U.S. Publication No. 2005/0216421 and Barry 

hereinafter). 
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Regarding claims 1, 14, and 20, Gupta discloses a generic token-based system 
for integrating a target application on a first server (i.e., application server) to an 
authentication system for authenticating users of the target application (i.e., Gupta's 
system is a generic token-based system because tokens/cookies in Gupta's system 
define path and domain parameters)(col. 6, lines 8-15), the generic system comprising a 
second server (i.e., login server) coupled to a database of configuration information 
about a login process for the target application, the second server being programmed to 
access the database of configuration information to conduct the login process with a 
user of the target application and to use the authentication system to authenticate the 
user and to issue at least one token to enable the user to access the target application 
once the authentication system authenticates the user (i.e., it is inherent that regardless 
of the method of authentication being used by the login server, the user's authentication 
information, e.g., user name and password, is inherently compared with the information 
retrieved from the database of information, e.g., cookie/token database, in or coupled to 
the login server)(col. 11, lines 25-38 and col. 12, lines 25-40), wherein the second 
server is programmed to receive a Uniform Resource Locator (i.e., a servlet , on the 
web server, e.g., application server, can be invoked by a client by a name or a URL) 
including an identification of the target application (i.e., cookie/token database contains 
cookies with variety of information such as database information, custom page settings, 
and parameters such as: name, value, expiration date, path, and domain of the cookie) 
(col. 14, lines 27-60), and the second server is further programmed to use the 
identification of the target application for looking up the configuration information for the 
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login process from the database (i.e., wherein it is inherent that the database can be 

queried using the name of the cookie, corresponding to the websites owner's name)(col. 

5, lines 57-67 and col. 6, lines 1-4 and 30-37). 

Gupta does not disclose an administrative application program to present a 

graphical user interface to a system administrator for creating and editing the 

configuration information. 

However, Barry discloses an administrative application program to present a 

graphical user interface to a system administrator for creating and editing the 

configuration information (par. 186-189). 

Therefore, it would have been obvious to a person of ordinary skill in the art at 
the time of applicant's invention to modify teachings of Gupta with teachings of Barry 
because it would allow to include an administrative application program to present a 
graphical user interface to a system administrator for creating and editing the 
configuration information as disclosed by Barry. This modification would have been 
obvious because one of ordinary skill in the art would have been motivated by the 
suggestion of Barry to provides a common GUI for the customer (i.e., administrator) 
enabling report requesting, customizing, scheduling and viewing of various types of 
data from different back-end telecommunications service and applications at a single 
point of customer contact (Barry, par. 0020). 



Regarding claims 18 and 27, Gupta discloses a method of using an 
authentication system for authenticating users of a target application on a first server 
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(i.e., application server), the method comprising maintaining a database of configuration 
information about a login process for the target application, and using a second server 
(i.e., login server) to access the database of configuration information to conduct the 
login process with a user of the target application and to use the authentication system 
to authenticate the user and to issue at least one token to enable the user to access the 
target application once the authentication system has authenticated the user (i.e., it is 
inherent that regardless of the method of authentication being used by the login server, 
the user's authentication information, e.g., user name and password, is inherently 
compared with the information retrieved from the database of information, e.g., 
cookie/token database, in or coupled to the login server)(col. 11, lines 25-38 and col. 
12, lines 25-40), wherein a data network couples the first server to the second server, 
and the second server receives a Uniform Resource Locator including an identification 
of the target application and uses the identification of the target integrated for looking up 
the configuration information for the login process from the database (i.e., wherein it is 
inherent that the database can be queried using the name of the cookie, corresponding 
to the websites owner's name)(col. 5, lines 57-67 and col. 6, lines 1-4 and 30-37). 

Gupta does not expressly disclose using a graphical user interface of an 
administrative application to generate the configuration information to define the login 
process and maintain such configuration information. 

However, Barry discloses using a graphical user interface of an administrative 
application to generate the configuration information to define the login process and 
maintain such configuration information (i.e., When the StarOE server 39 detects that 
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the password has expired, the server 39 notifies the customer, via the client application 
154 to change the password. The changed password is sent to the StarOE server 39 
formatted in a message interface, "change password request," for example. The 
server 39 upon receiving the message updates the password for the given user in its 
user profile stored in StarOE database 160, and responds with appropriate return 
codes to the StarOE client 154)(par. 162 and 200). 

Therefore, it would have been obvious to a person of ordinary skill in the art at 
the time of applicant's invention to modify teachings of Gupta with teachings of Barry 
because it would allow to include using a graphical user interface of an administrative 
application to generate the configuration information to define the login process and 
maintain such configuration information as disclosed by Barry. This modification would 
have been obvious because one of ordinary skill in the art would have been motivated 
by the suggestion of Barry to provides a common GUI for the customer (i.e., 
administrator) enabling report requesting, customizing, scheduling and viewing of 
various types of data from different back-end telecommunications service and 
applications at a single point of customer contact (Barry, par. 0020). 

Regarding claim 31, Gupta discloses a method of integrating a third-party web 
application to a centralized authentication system, said method comprising: 

creating an authentication module (i.e., AuthHttpServlet class) for the third-party 
web application (col. 14, lines 34-45); and 

storing the configuration information in a database (col. 12, lines 54-58); 
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redirecting a user login request from the third-party web application to a server 
containing the authentication module (col. 12, lines 13-24); and 

upon receipt of the user login request, the server activating the authentication 
module to retrieve the configuration information from the database to conduct the login 
process and to use the authentication system for user authentication, and then issuing a 
token for enabling user access to the third-party web application (col. 12, lines 25-61). 

Gupta does not expressly disclose a system administrator using a graphical user 
interface of an administrative application to generate the configuration information to 
define the login process and maintain such configuration information. 

However, Barry discloses using a graphical user interface of an administrative 
application to generate the configuration information to define the login process and 
maintain such configuration information (par. 162 and 200). 

Therefore, it would have been obvious to a person of ordinary skill in the art at 
the time of applicant's invention to modify teachings of Gupta with teachings of Barry 
because it would allow to include a system administrator using a graphical user 
interface of an administrative application to generate the configuration information to 
define the login process and maintain such configuration information as disclosed by 
Barry. This modification would have been obvious because one of ordinary skill in the 
art would have been motivated by the suggestion of Barry to provides a common GUI 
for the customer (i.e., administrator) enabling report requesting, customizing, scheduling 
and viewing of various types of data from different back-end telecommunications 
service and applications at a single point of customer contact (Barry, par. 0020). 
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Regarding claim 2, Gupta discloses the generic system as claimed in claim 1, 
wherein the authentication system is a centralized authentication system of a business 
organization, and the target application is in a third-party web server coupled by a 
network to the centralized authentication system (col. 11, lines 10-25). 

Regarding claim 3, Gupta discloses the generic system as claimed in claim 1, 
wherein the server is programmed to issuing at least one token (i.e., cookie) to enable 
the user to access the target application once the authentication system has 
authenticated the user (col. 11, lines 10-25). 

Regarding claim 4, Gupta discloses the generic system as claimed in claim 1, 
wherein a data network couples the target application to the server, the server is 
programmed to receive a Uniform Resource Locator (i.e., a servlet , on the web server, 
e.g., application server, can be invoked by a client by a name or a URL) including an 
identification of the target application (i.e., cookie/token database contains cookies with 
variety of information such as database information, custom page settings, and 
parameters such as: name, value, expiration date, path, and domain of the cookie), 
and the server is further programmed to use the identification of the target application 
for looking up the configuration information from the database (i.e., wherein it is inherent 
that the database can be queried using the name of the cookie, corresponding to the 
websites owner's name)(col. 5, lines 57-67 and col. 6, lines 1-4 and 30-37). 
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Regarding claims 5, 15, 21, and 28, Gupta discloses the generic system as 
claimed in claim 1, wherein the second server is programmed to obtain from the 
database configuration information defining an inbound parameter, and the second 
server is programmed to receive the inbound parameter from the target application 
(i.e., the application server checking directly with the login server to verify the 
authorization of the user by providing inbound parameters such as temporary 
identifiers)(col. 12, lines 62-67 and col. 13, lines 1-6). 

Regarding claims 6, 16, 22, and 29, Gupta discloses the generic system as 
claimed in claim 1, wherein the second server is programmed to obtain from the 
database configuration information defining a natural language (i.e., custom page 
settings are defined in cookies in token/cookie database), and the second server is 
programmed to use the natural language (i.e., the custom page settings) for 
communication with the user during the login process (col. 5, lines 58-67). 

Regarding claims 7, 17, 23, and 30, Gupta discloses the generic system as 
claimed in claim 1 , wherein the second server is programmed to obtain from the 
database configuration information defining an outbound parameter, and the second 
server is programmed to send the outbound parameter to the target application once 
the authentication system has authenticated the user (i.e., the login server can verify, 
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e.g., check and send the result to the application server, that the user attempting to 
process a request has been authenticated with the login server)(col. 13, lines 1-6). 

Regarding claims 8 and 24, Gupta does not disclose presenting a graphical user 
interface to the system administrator for creating and editing the configuration 
information, and the graphical user interface includes pages for listing active and 
inactive target applications integrated with the authentication system, and pages for 
creating and editing a selected one of the target applications. 

However, Barry discloses wherein the administrative application is programmed 
to present a graphical user interface to the system administrator for creating and 
editing the configuration information, and the graphical user interface includes pages 
for listing active and inactive target applications integrated with the authentication 
system, and pages for creating and editing a selected one of the target applications 
(i.e., When the customer has been authenticated, the customer is then presented with 
a list of authorized applications. This list determines which buttons, for example, 
representing each application are active, thus controlling customer access to products 
and services)(par. 205-206 and par. 186-189). 

Therefore, it would have been obvious to a person of ordinary skill in the art at 
the time of applicant's invention to modify teachings of Gupta with teachings of Barry 
because it would allow to include the graphical user interface including listing active 
and inactive target applications integrated with the authentication system (i.e., 
controlling customer access to product and services), and pages for creating and 
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editing a selected one of the target applications as disclosed by Barry. This 
modification would have been obvious because one of ordinary skill in the art would 
have been motivated by the suggestion of Barry to provides a common GUI for the 
customer (i.e., administrator) enabling report requesting, customizing, scheduling and 
viewing of various types of data from different back-end telecommunications service 
and applications at a single point of customer contact (Barry, par. 0020). 

Regarding claim 11, Gupta does not disclose presenting a graphical user 
interface to the system administrator for creating and editing the configuration 
information, the administrative application includes a series of action modules for 
presenting respective pages of the graphical user interface to the system administrator, 
and the action modules are programmed for invoking business logic. 

However, Barry discloses wherein the administrative application is programmed 
to present a graphical user interface to the system administrator for creating and editing 
the configuration information, the administrative application includes a series of action 
modules for presenting respective pages of the graphical user interface to the system 
administrator, and the action modules are programmed for invoking business logic (par. 
234-245). 

Therefore, it would have been obvious to a person of ordinary skill in the art at 
the time of applicant's invention to modify teachings of Gupta with teachings of Barry 
because it would allow to include wherein the administrative application is programmed 
to present a graphical user interface to the system administrator for creating and 
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editing the configuration information, the administrative application includes a series of 
action modules for presenting respective pages of the graphical user interface to the 
system administrator, and the action modules are programmed for invoking business 
logic as disclosed by Barry. This modification would have been obvious because one of 
ordinary skill in the art would have been motivated by the suggestion of Barry to 
provides a common GUJ for the customer (i.e., administrator) enabling report 
requesting, customizing, scheduling and viewing of various types of data from different 
back-end telecommunications service and applications at a single point of customer 
contact (Barry, par. 0020). 

Regarding claim 12, Gupta discloses the generic system as claimed in claim 1, 
wherein the second server includes a data cache coupled to the database (col. 12, 
lines 54-58). 

Regarding claim 19, Gupta discloses wherein the authentication system is a 
centralized authentication system of a business organization, and the target application 
is in a third-party web server (i.e., application server) coupled by a network to the 
centralized authentication system (col. 11, lines 25-67, col.12, lines 1-7), and the login 
process includes redirection of a user login request from the third-party web server to a 
server (i.e., login server) accessing the database and the centralized authentication 
system (col. 12, lines 7-67 and Col. 13, lines 1-19). 
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Allowable Subject Matter 

Claims 9-10, 13, and 25-26 are objected to as being dependent upon a rejected 
base claim, but would be allowable if rewritten in independent form including all of the 
limitations of the base claim and any intervening claims. 

Conclusion 

The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

Shaw et al., (U.S. Patent No. 6,362,836), and 
Fang et al., (U.S. Patent No. 6,243,816). 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Arezoo Sherkat whose telephone number is (571) 272- 
3796. The examiner can normally be reached on 8:00-4:30 Monday-Friday. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on (571) 272-3795. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

AS. h^Y^l^^^ 
Patent Examiner / l v < t cuciku 
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